1. 25 Mar, 2014 1 commit
      Server side of firewall support for XEN containers. · 2faea2f3
      Leigh Stoller authored
      This differs from the current firewall support, which assumes a single
      firewall for an entire experiment, hosted on a dedicated physical
      node. At some point, it would be better to host the dedicated firewall
      inside a XEN container, but that is a project for another day (year).
      
      Instead, I added two sets of firewall rules to the default_firewall_rules
      table, one for dom0 and another for domU. These follow the current
      style setup of open,basic,closed, while elabinelab is ignored since it
      does not make sense for this yet.
      
      These two rule sets are independent; the dom0 rules can be applied to
      the physical host, and domU rules can be applied to specific
      containers.
      
      My goal is that all shared nodes will get the dom0 closed rules (ssh
      from local boss only) to avoid the ssh attacks that all of the racks
      are seeing.
      
      DomU rules can be applied on a per-container (node) basis. As
      mentioned above this is quite different, and needed minor additions to
      the virt_nodes table to allow it.
  2. 10 Mar, 2014 1 commit
      Support "no NFS mount" experiments. · 5446760e
      Mike Hibler authored
      We have had the mechanism implemented in the client for some time and
      available at the site-level or, in special cases, at the node level.
      New NS command:
      
          tb-set-nonfs 1
      
      will ensure that no nodes in the experiment attempt to mount shared
      filesystems from ops (aka, "fs"). In this case, a minimal homedir is
      created on each node with basic dotfiles and your .ssh keys. There will
      also be empty /proj, /share, etc. directories created.
      
      One additional mechanism that we have now is that we do not export filesystems
      from ops to those nodes. Previously, it was all client-side and you could
      mount the shared FSes if you wanted to. By prohibiting the export of these
      filesystems, the mechanism is more suitable for "security" experiments.
  3. 14 May, 2013 1 commit
      Add syntactic sugar for attaching a SAN storage object to node. · 0b1b4a27
      Kirk Webb authored
      Instead of requiring users to specify a hokey-looking duplex link
      between a remote blockstore and a node, let them use the "set-node"
      method on the blockstore object, which implicitly creates this link.
      
      Also, do the same for lans:  introduce [$ns make-san $nodelist]
      
      If/when in the future we allow experimenters to shape links to storage
      servers, specifying the link directly will make more sense.
  4. 30 Apr, 2013 1 commit
      Add physical memory accounting for openvz/xen nodes. The total · 11752432
      Leigh Stoller authored
      amount a physical has is stored in the node types table, and the
      per-vm memory requirement is stored in the nodes table. ptopgen
      adds up usage, and subtracts from the total for the ptop file.
      The vtop number comes from a virt_node_attribute table, and we
      pass this through to the client side. Note that this is less
      important for openvz, more so for XEN.
      
      In the NS file:
      
      	tb-set-node-memory-size $node 1024
      
      Number is in MBs. The mapper defaults this to 128 for openvz and 256
      for xen. Maximum is hardwired to 256 and 512 respectively. Need to
      think about a good way to configure this in.
  5. 26 Nov, 2012 1 commit
      Pacify the verification parser for blockstores. · 07f6693e
      Kirk Webb authored
      This is a hack.  The "blockstore" procedure is just returning a node
      object, which causes skew in the resulting topology vs. what is generated
      by the implicitly created node objects in the real testbed parser.  Harmless,
      but not a good validity test.  Need to revisit.
  6. 21 Nov, 2012 1 commit
  7. 26 Oct, 2012 1 commit
  8. 24 Sep, 2012 1 commit
      Replace license symbols with {{{ }}}-enclosed license blocks. · 6df609a9
      Eric Eide authored
      This commit is intended to make the license status of Emulab and
      ProtoGENI source files more clear.  It replaces license symbols like
      "EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
      blocks that contain actual license statements.
      
      This change was driven by the fact that today, most people acquire and
      track Emulab and ProtoGENI sources via git.
      
      Before the Emulab source code was kept in git, the Flux Research Group
      at the University of Utah would roll distributions by making tar
      files.  As part of that process, the Flux Group would replace the
      license symbols in the source files with actual license statements.
      
      When the Flux Group moved to git, people outside of the group started
      to see the source files with the "unexpanded" symbols.  This meant
      that people acquired source files without actual license statements in
      them.  All the relevant files had Utah *copyright* statements in them,
      but without the expanded *license* statements, the licensing status of
      the source files was unclear.
      
      This commit is intended to clear up that confusion.
      
      Most Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the Affero GNU General Public License, version 3
      (AGPLv3).
      
      Most Utah-copyrighted files related to ProtoGENI are distributed under
      the terms of the GENI Public License, which is a BSD-like open-source
      license.
      
      Some Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the GNU Lesser General Public License, version 2.1
      (LGPL).
  9. 01 Aug, 2012 1 commit
      This commit adds some simple support for using the Infiniband on the · 997b21b5
      Leigh Stoller authored
      Probe Cluster. The problem is that the IFB is a shared network that
      every node attaches to, which looks like an ethernet device that
      can be ifconfig'ed. In other words, one big lan.
      
      But we still want the user to be able to create a lan so that they can
      interact with it in their NS file like any other network.
      
      The NS syntax is:
      
      	set lan2 [$ns make-lan "node1 node2 node3" * 0ms]
      	tb-set-switch-fabric $lan2 "infiniband"
      
      The switch fabric tells the backend to do IP assignment for the
      specific global network. Yes, I tried to be a little bit general
      purpose. Let's see how this actually turns out.
      
      This first commit treats the fabric as a single big lan on the same
      subnet.
      
      NOTE 1: Since the unroutable IP space is kinda small, but the Probe
      Cluster is really big, we can easily run out of bits if we tried to do
      assignment on virtual topos. Instead, fabrics get their IP allocation
      at swapin time, and the allocations are deleted when the experiment is
      swapped out. The rationale is that the number of swapped in
      experiments is much much smaller than the number of possible topos
      that can be loaded into the DB. Still might run out, but less likely.
      
      The primary impact of above is that IP assignments can change from
      one swap to another, but this is easy to deal with if the user is
      scripting their experiment; the IP allocation is available via the
      XMLRPC interface.
      
      NOTE 2: The current code allocates from a single big network, which
      makes it easy for users to mess each other up if they start doing
      things by hand. Ultimately, we want each lan in each experiment to use
      their own subnet, but that is going to take more work, so let's do it
      in the second phase.
      
      The definition of "network fabrics" is in the new network_fabrics
      tables. As an example for probe:
      
      	INSERT INTO `network_fabrics` set
      		idx=NULL,
      		name='ifband',
      		created=now(),
      		ipalloc=1, ipalloc_onenet=1,
      		ipalloc_subnet='192.168.0.0',ipalloc_netmask='255.255.0.0'
  10. 11 Apr, 2012 1 commit
      So this commit allows a vlan to be "shared" between experiments. By · dae29101
      Leigh Stoller authored
      shared, I mean that an experiment can request that a port be put into
      a vlan belonging to another experiment. This started out as a hack to
      support openflow enabled vlans in Geni, but then I got a request to
      make it a little more general purpose. You all know how that goes.
      
      Okay, say you have an experiment E1 in some project and that
      experiment has a link or lan called "lan0". You want other experiments
      to be able to stick ports in that vlan. On boss, you would do this
      after E1 is swapped in:
      
      boss> wap sharevlan -o testbed,E1 lan0 mysharedlan
      
      The -o option says to make the vlan open to anyone; without that
      option, only admins can swap in an experiment that requests a port in
      lan0.  The token "mysharedlan" is just a level of indirection for the
      NS file (or rspec).
      
      Next you create a new experiment E2, and in your NS file:
      
      	$ns make-portinvlan $n1 "mysharedlan"
      
      which says to create a lan with an interface on node n1, in the vlan
      named by the token mysharedlan. The token keeps specific pid/eids out
      of the NS file. 
      
      When E2 is swapped in, assign does its thing, and the selected port is
      added to the members list for lan0 in testbed,E1 and then we call
      snmpit with the syncvlansfromtables (-X) option to get the port added.
      
      When E2 is swapped out, we undo the members list and call snmpit with
      the -X option again.
      
      The access issue is a bit of a hack of course (open or admins) but I did
      not want to invent a new permission mechanism (yet).
      
      And of course, this is still a work in progress.
  11. 08 Feb, 2012 1 commit
  12. 23 Jan, 2012 1 commit
      Add support for disk agents. This is just the plumbing, Yathindra is · 95ada2d1
      Leigh Stoller authored
      doing the real/hard work. Anyway, in your NS file you can do this:
      
      	set newdisk [new Disk $ns]
      	$newdisk set node $n0
      	$newdisk set type foo
      	$newdisk set mountpoint /qq
      	$newdisk set parameters "foo bar fee"
      	$newdisk set command "bla bla bla"
      
      The parameters and command are optional and default to null. Then on
      your node, tmcd returns:
      
      	DISK DISKNAME=newdisk DISKTYPE='foo' MOUNTPOINT='/qq' MOUNTPOINT='foo bar fee' PARAMETERS='bla bla bla'
      
      Note that there is no client support code in this commit.
  13. 10 Aug, 2011 1 commit
      Plumb multi image load through from the NS frontend. In other words, · 33b312d7
      Leigh Stoller authored
      you can do this in your NS file:
      
      tb-set-node-loadlist $myboss FBSD73-S2,FBSDXX-FOO
      
      Note that this does not replace tb-set-node-os(), cause that is a
      little too special. So in practice, you would do:
      
      tb-set-node-os $myboss FBSD73-STD
      tb-set-node-loadlist $myboss FBSD73-S2,FBSDXX-FOO
  14. 25 May, 2011 1 commit
  15. 04 Apr, 2011 1 commit
      Add client side service and service hook configuration commands. The · 25711c9c
      David Johnson authored
      valid service/env/whence tuples are specified in the client_services
      table.  Only services that exist in that table can be configured -- so
      if rc.ifconfig is only configurable at boot, every time, the user can
      only add hooks (or control the service) for rc.ifconfig at boot, every
      time (so not in the load env, nor only once).
      
      Users can either specify a script that gets turned into a per-experiment
      blob, OR they can specify a static blob that they already created in the
      blobs table via mkblob.  They can't do both though.
      
      tb-set-node-service "rc.foo" \
          -node (""|$node) -env (boot|load) -whence (every|first) \
          -script "/path/to/script" -scriptblob "<blobid>" \
          -enable (0|1) -enablehooks (0|1) -fatal (0|1)
      
      All options are "optional".  Even if you disable a service, its hooks
      are enabled by default.  Services can now be fatal.
      
      tb-add-node-service-hook "rc.foo" \
          -node (""|$node) -env (boot|load) -whence (every|first) \
          -script "/path/to/script" -scriptblob "<blobid>" \
          -op (boot|shutdown|reconfig|reset) -point (pre|post) \
          -argv "" -fatal (0|1)
  16. 16 Nov, 2010 1 commit
      Add support for all node "tb-set-tarfiles". · a0d0c95e
      Kevin Atkinson authored
      "tb-set-tarfiles" is like "tb-set-node-tarfiles" except that it
      distributes the tarfile to all nodes rather than just one and that it
      uses frisbee to distribute the file.
      
      These changes involved 1) refactoring frisbee info from images table
      into a new table, frisbee_blobs, 2) a new experiment_blobs table, and
      3) a new tmcd command so the node knows how to get the files from the
      server.
      
      The changes were designed to be general purpose enough to eventually
      support:
        1) Distributing arbitrary files (not just tarfiles) to nodes
        2) Perform arbitrary actions on those files
        3) Use arbitrary methods to get the files
      
      As such the tmcd line is as follows:
        URL=* ACTION=*
      
      where URL is currently:
        frisbee.mcast://<ADDR>/<FILE>
      for example
        frisbee.mcast://234.16.184.192:18092/users/kevina/home-dir.tar.gz
      and when we get around to using a master Frisbee server it could be
        frisbee://*
      or it could be a file://, http://, etc.
      
      and ACTION is currently:
        unpack:<LOCATION>
      for example
        unpackt:/users
      with future syntax to be determined.
  17. 03 Jun, 2010 1 commit
      Add more MLE support. Here is a sample NS file that demonstrates the · 958fc09d
      Leigh Stoller authored
      new code. Note that this commit implements only the frontend part.
      
      set n1 [$ns node]
      set n2 [$ns node]
      set n3 [$ns node]
      
      set seg1 [$ns duplex-link $n1 $n2 * 0ms DropTail]
      set seg2 [$ns duplex-link $n2 $n3 * 0ms DropTail]
      tb-set-link-layer $seg1 1
      tb-set-link-layer $seg2 1
      
      set mypath [$ns make-path "seg1 seg2"]
      
      set link0 [$ns duplex-link $n1 $n3 * 0ms DropTail]
      $link0 implemented_by $mypath
  18. 14 Apr, 2010 1 commit
      Add some useful elabinelab sitevars. · 9bb38c10
      Mike Hibler authored
      New sitevars:
        elabinelab/singlenet     set the system-wide default for cnet implementation
        elabinelab/boss_osid     default OSID for boss node
        elabinelab/ops_osid      default OSID for ops node
        elabinelab/fs_osid       default OSID for fs node
      
      Also mark the various elabinelab/*pkg* sitevars as deprecated.  Package
      versions are just too dependent on the OS running and we almost always
      wind up overriding these sitevars in rc.mkelab anyway.
  19. 13 Apr, 2010 1 commit
  20. 30 Mar, 2010 1 commit
      Change syntax for adding/removing elabinelab attributes. · 3ec8f1a6
      Mike Hibler authored
      Made set-elabinelab-attribute set the attribute for all roles (nodes).
      Added a net command set-elabinelab-role-attribute to set it for a single role.
      Ditto for unset.
      
      The common case was setting a "global" attribute and it was tedious to give
      individual commands for boss, ops, fs, etc.
  21. 29 Mar, 2010 1 commit
  22. 10 Feb, 2010 1 commit
      oml implementation with git · 1a451d9e
      Xing Lin authored
      The main purpose of this change is to support oml in Emulab. It adds several
      new testbed command extensions, which enable users to use oml to collect their
      experimental data.
  23. 02 Dec, 2009 1 commit
  24. 11 Jun, 2009 1 commit
      Two new minor functions: · a727dac1
      Leigh Stoller authored
      * tb-set-node-sharingmode{node mode} sets the sharing mode for a
        physical node. Only admins can do this, to create an experiment to
        contain shared nodes.
      
      * tb-set-node-usesharednode{node weight} sets a desire to use a shared
        node (for a pcvm). This goes into assign, against a feature that
        is set for all nodes acting as a shared host.
  25. 14 Apr, 2009 1 commit
      Implement front-end parts for backfill changes. Added the following · bca66466
      Kevin Atkinson authored
      NS commands:
        tb-set-link-backfill <link> <bw>
        tb-set-link-simplex-backfill <link> <src node> <bw>
        tb-set-lan-backfill <lan> <bw>
        tb-set-node-lan-backfill <node> <lan> <bw>
        tb-set-lan-simplex-backfill <lan> <node> <tobw> <frombw>
      for now the tbres/FBSD410-DEL-BACKFILL image needs to be used.
  26. 20 Dec, 2007 1 commit
  27. 17 Aug, 2007 1 commit
  28. 26 Mar, 2007 1 commit
  29. 29 Nov, 2006 1 commit
      Keith Sklower's changes to support a single control network model for · 08737f67
      Leigh Stoller authored
      ElabInElab experiments, so as not to consume an interface.
      
      I actually modified Keith's changes so that we can dynamically choose
      the single or dual model in the NS file (Keith's changes hardwired the
      system to only single control network) since the single network model
      has the disadvantage of not allowing new nodes to be added to an inner
      elab, which would make it impossible to test some things (like the
      newnode path!).
      
      To choose the single control network model, place this in your NS file:
      
      	tb-elabinelab-singlenet
      
      otherwise it defaults to the older dual network model.
  30. 06 Oct, 2006 1 commit
  31. 05 Sep, 2006 1 commit
      A bunch of template changes resulting from meetings last week. · 087dbfff
      Leigh Stoller authored
      * Add XMLRPC interface for template swapin,stoprun,startrun,swapout and
        add the appropriate wrappers to the script_wrapper on ops.
      
      * Allow parameter descriptions in NS files. This is probably not in its
        final form since it's a bit confusing as to what has priority; something
        in the NS file or a metadata item. Anyway, you can do this in your NS
        file:
      
      	$ns define-template-parameter GUID "0/0" "The GUID to be analyzed"
      
        The rules are currently that the NS file description has priority and
        is copied to child templates, unless the user has modified a description
        via the web interface, in which case the NS file description is ignored.
        I know, sounds awful, but for the most part people are going to use the
        NS file anyway.
      
      * Add "clear" option when starting a new experiment run; the per
        experiment DB at the logholes are cleared. Note that this is *not* the
        default behaviour; you have to either check the checkbox on the web form
        or use the -c option to the script wrapper, or clear=yes if talking
        directly to the XMLRPC server.
      
      * Fix up how email is generated for template_swapin and template_create,
        so that Kevin can debug tblog/tbreport stuff, but also so that we maintain
        mail logs as before. I have made some improvements to libaudit so as to
        centralize the mail goo, and avoid duplicating all that stuff.
      
      * Minor fixes to the program agent so that the new environment strings are
        sent before the program agent exits and reloads them!
      
      * Other minor little things.
  32. 28 Aug, 2006 1 commit
  33. 14 Jul, 2006 1 commit
  34. 03 Jul, 2006 1 commit
      Framework for supporting 802.1q tagged VLANs as a form of multiplexed link. · 3f1c15e2
      Mike Hibler authored
      Actually, most of the changes here were just to generalize the "virtual
      interface" state in the DB.  Other than the client-side scripts, there
      is very little here specific to tagged VLANs.
      
      In fact, you cannot specify "vlan" as a type yet as we haven't done the
      snmpit support for setting up the switches.
      
      For more info see bas:~mike/flux/doc/testbed-virtinterfaces.txt, which I
      will integrate into the knowledge base and the Emulab doc at some point.
  35. 16 Jun, 2006 1 commit
  36. 15 Jun, 2006 1 commit
  37. 31 May, 2006 1 commit
  38. 11 May, 2006 1 commit
      Initial support for plab-in-elab: · 088c8e74
      Mike Hibler authored
      * setup some fields that parallel the
        elab-in-elab ones, for modifying the dhcpd.conf file.
      
      * tb-set-node-plab-role to set a node as either 'plc' or 'node'
        used to set the DB role field above
  39. 05 May, 2006 1 commit
  40. 29 Mar, 2006 1 commit